An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Trend Micro Apex One | 2019, SaaS |
| Trend Micro | Trend Micro OfficeScan | XG SP1 |
| Trend Micro | Trend Micro Worry | Free Business Security — 10.0 SP1 |
Yes — actively exploited. Added to the CISA KEV catalog on 2021-11-03. Ransomware use: Unknown.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.